Search in sources :

Example 6 with PermissionInfo

use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.

the class AccessIT method removePermissionRulesAndCleanupEmptyEntries.

@Test
public void removePermissionRulesAndCleanupEmptyEntries() throws Exception {
    // Add initial permission set
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = createDefaultAccessSectionInfo();
    accessInput.add.put(REFS_HEADS, accessSectionInfo);
    pApi.access(accessInput);
    // Remove specific permission rules
    AccessSectionInfo accessSectionToRemove = newAccessSectionInfo();
    PermissionInfo codeReview = newPermissionInfo();
    codeReview.label = LABEL_CODE_REVIEW;
    PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false);
    codeReview.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
    pri = new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false);
    codeReview.rules.put(SystemGroupBackend.PROJECT_OWNERS.get(), pri);
    accessSectionToRemove.permissions.put(Permission.LABEL + LABEL_CODE_REVIEW, codeReview);
    ProjectAccessInput removal = newProjectAccessInput();
    removal.remove.put(REFS_HEADS, accessSectionToRemove);
    pApi.access(removal);
    // Remove locally
    accessInput.add.get(REFS_HEADS).permissions.remove(Permission.LABEL + LABEL_CODE_REVIEW);
    // Check
    assertThat(pApi.access().local).isEqualTo(accessInput.add);
}
Also used : PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 7 with PermissionInfo

use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.

the class AccessIT method addNonGlobalCapabilityToGlobalCapabilities.

@Test
public void addNonGlobalCapabilityToGlobalCapabilities() throws Exception {
    AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
    PermissionInfo permissionInfo = newPermissionInfo();
    permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
    accessSectionInfo.permissions.put(Permission.PUSH, permissionInfo);
    accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    exception.expect(BadRequestException.class);
    gApi.projects().name(allProjects.get()).access(accessInput);
}
Also used : AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 8 with PermissionInfo

use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.

the class AccessIT method createDefaultGlobalCapabilitiesAccessSectionInfo.

private AccessSectionInfo createDefaultGlobalCapabilitiesAccessSectionInfo() {
    AccessSectionInfo accessSection = newAccessSectionInfo();
    PermissionInfo email = newPermissionInfo();
    PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
    email.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
    accessSection.permissions.put(GlobalCapability.EMAIL_REVIEWERS, email);
    return accessSection;
}
Also used : PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)

Example 9 with PermissionInfo

use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.

the class AccessIT method removeGlobalCapabilityAsAdmin.

@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
    AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
    PermissionInfo permissionInfo = newPermissionInfo();
    permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
    accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
    // Add and validate first as removing existing privileges such as
    // administrateServer would break upcoming tests
    accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
    // Remove
    accessInput.add.clear();
    accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsNoneIn(accessSectionInfo.permissions.keySet());
}
Also used : AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 10 with PermissionInfo

use of com.google.gerrit.extensions.api.access.PermissionInfo in project gerrit by GerritCodeReview.

the class SetAccess method getAccessSections.

private List<AccessSection> getAccessSections(Map<String, AccessSectionInfo> sectionInfos) throws UnprocessableEntityException {
    if (sectionInfos == null) {
        return Collections.emptyList();
    }
    List<AccessSection> sections = new ArrayList<>(sectionInfos.size());
    for (Map.Entry<String, AccessSectionInfo> entry : sectionInfos.entrySet()) {
        AccessSection accessSection = new AccessSection(entry.getKey());
        if (entry.getValue().permissions == null) {
            continue;
        }
        for (Map.Entry<String, PermissionInfo> permissionEntry : entry.getValue().permissions.entrySet()) {
            Permission p = new Permission(permissionEntry.getKey());
            if (permissionEntry.getValue().exclusive != null) {
                p.setExclusiveGroup(permissionEntry.getValue().exclusive);
            }
            if (permissionEntry.getValue().rules == null) {
                continue;
            }
            for (Map.Entry<String, PermissionRuleInfo> permissionRuleInfoEntry : permissionEntry.getValue().rules.entrySet()) {
                PermissionRuleInfo pri = permissionRuleInfoEntry.getValue();
                GroupDescription.Basic group = groupsCollection.parseId(permissionRuleInfoEntry.getKey());
                if (group == null) {
                    throw new UnprocessableEntityException(permissionRuleInfoEntry.getKey() + " is not a valid group ID");
                }
                PermissionRule r = new PermissionRule(GroupReference.forGroup(group));
                if (pri != null) {
                    if (pri.max != null) {
                        r.setMax(pri.max);
                    }
                    if (pri.min != null) {
                        r.setMin(pri.min);
                    }
                    r.setAction(GetAccess.ACTION_TYPE.inverse().get(pri.action));
                    if (pri.force != null) {
                        r.setForce(pri.force);
                    }
                }
                p.add(r);
            }
            accessSection.getPermissions().add(p);
        }
        sections.add(accessSection);
    }
    return sections;
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) PermissionRule(com.google.gerrit.common.data.PermissionRule) ArrayList(java.util.ArrayList) AccessSection(com.google.gerrit.common.data.AccessSection) GroupDescription(com.google.gerrit.common.data.GroupDescription) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) Permission(com.google.gerrit.common.data.Permission) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) Map(java.util.Map)

Aggregations

PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)10 AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)9 PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)7 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)4 ProjectAccessInput (com.google.gerrit.extensions.api.access.ProjectAccessInput)4 Test (org.junit.Test)4 AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)3 Permission (com.google.gerrit.common.data.Permission)2 PermissionRule (com.google.gerrit.common.data.PermissionRule)2 AccessSection (com.google.gerrit.common.data.AccessSection)1 GroupDescription (com.google.gerrit.common.data.GroupDescription)1 ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)1 UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)1 GlobalPermission (com.google.gerrit.server.permissions.GlobalPermission)1 ArrayList (java.util.ArrayList)1 Map (java.util.Map)1